Leosac  0.8.0
Open Source Access Control
UserSecurityContext.hpp
1 /*
2  Copyright (C) 2014-2016 Leosac
3 
4  This file is part of Leosac.
5 
6  Leosac is free software: you can redistribute it and/or modify
7  it under the terms of the GNU Affero General Public License as published by
8  the Free Software Foundation, either version 3 of the License, or
9  (at your option) any later version.
10 
11  Leosac is distributed in the hope that it will be useful,
12  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  GNU Affero General Public License for more details.
15 
16  You should have received a copy of the GNU Affero General Public License
17  along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19 
20 #pragma once
21 
22 #include "core/SecurityContext.hpp"
23 #include "core/auth/AuthFwd.hpp"
24 
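namespace Leosac
{

// NOTE(review): the class heads, both constructors and the `user_id_` member
// were missing from the rendered listing this header was recovered from; they
// are restored from the cross-reference entries printed on the same page.
// The `public SecurityContext` base is inferred from the `override`
// specifiers and the class briefs -- confirm against the repository header.

/**
 * A SecurityContext object for users.
 *
 * Permission queries made through this context are evaluated for the user
 * whose id was given at construction (see user_id() and is_self()).
 */
class UserSecurityContext : public SecurityContext
{
  public:
    UserSecurityContext(DBServicePtr dbsrv, Auth::UserId id);

    /**
     * Reimplement this method to provide permission checking.
     *
     * NOTE(review): the mapping from Action to the private can_*() predicates
     * lives in UserSecurityContext.cpp. When reviewing it, verify that an
     * Action with no matching case is denied rather than allowed, and that
     * `ap` is narrowed to the parameter type matching `a` before it is read.
     */
    bool check_permission_impl(Action a, const ActionParam &ap) const override;

    /**
     * Return true if the owner of the security context is the user whose
     * id is `id`.
     */
    bool is_self(Auth::UserId id) const;

    /// Id of the user owning this security context.
    Auth::UserId user_id() const;

    // No description is given for self(); presumably it resolves user_id()
    // to the corresponding User object -- TODO confirm, including whether the
    // returned pointer can be null for an id that no longer exists.
    Auth::UserPtr self() const;

  private:
    // Per-action predicates. Presumably each one backs a single Action value
    // handled by check_permission_impl() -- confirm in the .cpp.

    bool can_read_group(const GroupActionParam &gap) const;

    bool can_administrate_group(const GroupActionParam &gap) const;

    bool can_read_membership(const MembershipActionParam &map) const;

    /**
     * Username, as well as a few basic (firstname, lastname) info are public.
     */
    bool can_read_user(const UserActionParam &uap) const;

    // NOTE(review): undocumented. Given that can_read_user() covers the public
    // fields, this presumably guards the remaining, non-public user fields --
    // confirm which fields count as "detail" and who may read them.
    bool can_read_user_detail(const UserActionParam &uap) const;

    bool can_update_user(const UserActionParam &uap) const;

    bool can_create_membership(const MembershipActionParam &map) const;

    /**
     * Can we leave/kick someone from a group.
     */
    bool can_delete_membership(const MembershipActionParam &map) const;

    bool can_read_credential(const CredentialActionParam &cap) const;

    bool can_read_schedule(const ScheduleActionParam &sap) const;

    bool can_read_door(const DoorActionParam &dap) const;

    /**
     * Helper function that returns true if the user is an administrator.
     */
    bool is_admin() const;

    /**
     * Helper function that returns true if the user is at least manager.
     */
    bool is_manager() const;

    // Id of the user this context evaluates permissions for.
    Auth::UserId user_id_;
};

/**
 * A SecurityContext with no permission.
 */
class NullSecurityContext : public SecurityContext
{
  public:
    NullSecurityContext();

    /**
     * Reimplement this method to provide permission checking.
     *
     * NOTE(review): given the class brief this is expected to refuse every
     * action; confirm the implementation returns false unconditionally so the
     * type is safe to use as a deny-all default.
     */
    bool check_permission_impl(Action a, const ActionParam &ap) const override;
};
}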
Leosac::SecurityContext::ScheduleActionParam
Definition: SecurityContext.hpp:196
Leosac::NullSecurityContext
A SecurityContext with no permission.
Definition: UserSecurityContext.hpp:98
Leosac::UserSecurityContext
A SecurityContext object for users.
Definition: UserSecurityContext.hpp:31
Leosac::SecurityContext::GroupActionParam
Definition: SecurityContext.hpp:165
Leosac::UserSecurityContext::can_read_membership
bool can_read_membership(const MembershipActionParam &map) const
Definition: UserSecurityContext.cpp:176
Leosac::UserSecurityContext::can_administrate_group
bool can_administrate_group(const GroupActionParam &gap) const
Definition: UserSecurityContext.cpp:161
Leosac::UserSecurityContext::can_read_group
bool can_read_group(const GroupActionParam &gap) const
Definition: UserSecurityContext.cpp:151
Leosac::UserSecurityContext::UserSecurityContext
UserSecurityContext(DBServicePtr dbsrv, Auth::UserId id)
Definition: UserSecurityContext.cpp:32
Leosac::UserSecurityContext::is_manager
bool is_manager() const
Helper function that returns true if the user is at least manager.
Definition: UserSecurityContext.cpp:312
AuthFwd.hpp
Leosac::UserSecurityContext::user_id
Auth::UserId user_id() const
Definition: UserSecurityContext.cpp:325
Leosac::Auth::UserPtr
std::shared_ptr< User > UserPtr
Definition: AuthFwd.hpp:31
Leosac::UserSecurityContext::can_read_door
bool can_read_door(const DoorActionParam &dap) const
Definition: UserSecurityContext.cpp:274
Leosac::SecurityContext::UserActionParam
Definition: SecurityContext.hpp:172
Leosac::UserSecurityContext::can_read_credential
bool can_read_credential(const CredentialActionParam &cap) const
Definition: UserSecurityContext.cpp:292
Leosac::UserSecurityContext::can_read_user
bool can_read_user(const UserActionParam &uap) const
Username, as well as a few basic (firstname, lastname) info are public.
Definition: UserSecurityContext.cpp:188
Leosac::SecurityContext::ActionParam
Definition: SecurityContext.hpp:231
Leosac::SecurityContext::DoorActionParam
Definition: SecurityContext.hpp:203
SecurityContext.hpp
Leosac
This is the header file for a generated source file, GitSHA1.cpp.
Definition: APIStatusCode.hpp:22
Leosac::UserSecurityContext::can_update_user
bool can_update_user(const UserActionParam &uap) const
Definition: UserSecurityContext.cpp:199
Leosac::UserSecurityContext::is_self
bool is_self(Auth::UserId id) const
Return true if the owner of the security context is the user whose id is id.
Definition: UserSecurityContext.cpp:320
Leosac::DBServicePtr
std::shared_ptr< DBService > DBServicePtr
Definition: db_fwd.hpp:34
Leosac::UserSecurityContext::user_id_
Auth::UserId user_id_
Definition: UserSecurityContext.hpp:91
Leosac::SecurityContext::Action
Action
Definition: SecurityContext.hpp:45
Leosac::UserSecurityContext::is_admin
bool is_admin() const
Helper function that returns true if the user is an administrator.
Definition: UserSecurityContext.cpp:304
Leosac::UserSecurityContext::can_read_user_detail
bool can_read_user_detail(const UserActionParam &uap) const
Definition: UserSecurityContext.cpp:194
Leosac::NullSecurityContext::check_permission_impl
virtual bool check_permission_impl(Action a, const ActionParam &ap) const override
Reimplement this method to provide permission checking.
Definition: UserSecurityContext.cpp:340
Leosac::SecurityContext::CredentialActionParam
Definition: SecurityContext.hpp:179
Leosac::Auth::UserId
unsigned long UserId
Definition: AuthFwd.hpp:34
Leosac::UserSecurityContext::can_read_schedule
bool can_read_schedule(const ScheduleActionParam &sap) const
Definition: UserSecurityContext.cpp:253
Leosac::UserSecurityContext::can_delete_membership
bool can_delete_membership(const MembershipActionParam &map) const
Can we leave/kick someone from a group.
Definition: UserSecurityContext.cpp:225
Leosac::UserSecurityContext::check_permission_impl
virtual bool check_permission_impl(Action a, const ActionParam &ap) const override
Reimplement this method to provide permission checking.
Definition: UserSecurityContext.cpp:38
Leosac::SecurityContext::MembershipActionParam
Definition: SecurityContext.hpp:186
Leosac::UserSecurityContext::can_create_membership
bool can_create_membership(const MembershipActionParam &map) const
Definition: UserSecurityContext.cpp:205
Leosac::NullSecurityContext::NullSecurityContext
NullSecurityContext()
Definition: UserSecurityContext.cpp:335
Leosac::SecurityContext
A SecurityContext is used to query permission while doing an operation.
Definition: SecurityContext.hpp:40